package com.huatech.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;


/**
 * @author lihua_java@163.com
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
	
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;
	@Autowired
    private RedisConnectionFactory connectionFactory;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new MD5PasswordEncoder();//new BCryptPasswordEncoder();
    }
    /**
     * 定义token的存储方式
     *
     * @return TokenStore
     */
    @Bean
    public TokenStore tokenStore() {
        return new RedisTokenStore(connectionFactory);
    }
    
    /**
     * 定义令牌端点上的安全性约 束
     *
     * @param oauthServer oauthServer defines the security constraints on the token endpoint.
     * @throws Exception exception
     */
    @Override
    public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()")
        .checkTokenAccess("isAuthenticated()");
//        .allowFormAuthenticationForClients();// form方式
    }
    
    /**
     * 第三方应用客户端的有关配置
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    	
        clients.inMemory()
                .withClient("test")
                .secret(passwordEncoder().encode("test1234"))
                .accessTokenValiditySeconds(600)	// 10 min
                .refreshTokenValiditySeconds(864000)// 10 day
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .redirectUris("https://www.baidu.com")//, "https://bingbon-contract.smallai.com/module/trade.html")
                .scopes("all")
                .autoApprove(true);
    }
    
    /**
     * 定义授权和令牌端点以及令牌服务
     *
     * @param endpoints defines the authorization and token endpoints and the token services.
     * @throws Exception exception
     */
    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                //指定认证管理器
                .authenticationManager(authenticationManager)
                // refresh_token
//                .reuseRefreshTokens(false)
                //指定token存储位置
                .tokenStore(tokenStore());
    }

}
